UPCOMING EVENTS

At Google’s annual Playtime developer event in Berlin and San Francisco, the company made a series of Google Play announcements. In terms of momentum, Vineet Buch, Google Play’s director of product management, shared that the number of developers making over $1 million per month on Google Play has grown by more than 30 percent since the beginning of the year. Buch also added that Google Play now sees more than 8 billion new installs per month globally (this excludes preinstalled apps). In short, Google wants developers to know the Play store is doing well and that it’s continuing to invest in the ecosystem.

Android vitals, introduced at Google’s I/O 2017 developer conference, are already used by 65 percent of top developers. Five new Android vitals are being added today, and device coverage has been increased to help address issues relating to battery consumption, crashes, and render time.

Pre-launch reports are being enabled for all developers with no need to opt-in, informing about crashes, display issues, security vulnerabilities, and now, performance issues. When you upload an alpha or beta APK, your app will be tested on popular devices powered by Firebase Test Lab.

A new Google Play policy now disallows apps and games which consistently exhibit broken experiences on the majority of devices such as crashing, closing, freezing, or otherwise functioning abnormally.

You can now target alpha and beta tests to specific countries, and country-targeting is coming to staged rollouts soon.

The device catalog, used by over 66 percent of top developers according to Google, now lets you save device searches and see why a specific device doesn’t support your app.

You can also now offer shorter free trials, at a minimum of three days, and Google Play will now enforce one free trial at the app level to reduce the potential for abuse. You can opt-in to receive notifications when users cancel their subscription, it’s easier for users to restore a canceled subscription, and you can block access to your service while a user fixes renewal payment issues.

Starting in January 2018, Google is reducing its transaction fee from 30 percent to 15 percent for subscribers who are retained for more than 12 months.

The new Google Play Security Reward Program is supposed to incentivize security researchers to find vulnerabilities in popular Android apps, including Google’s own apps. The program will notify developers with security recommendations and how to fix them.

The last point deserves more detail. Google wants to proactively improve security in the Google Play ecosystem by trying the mimic the success it has seen with its own bug bounty programs. The program is a partnership with HackerOne, a vulnerability identification platform that helps connect security-conscious businesses with bug hunters.

Google expects the flow will work something like this: A security researcher identifies a vulnerability within an app participating in the program and reports it directly to the app’s developer. The two work together to resolve the vulnerability. Once the security hole has been plugged, the researcher submits a report to the Google Play Security Reward Program, and the Android Security team issues a reward to the researcher.

Google promises rewards of $1,000 that meet its vulnerability criteria, but notes all reward decisions are ultimately at the discretion of the Google Play Security Reward Program. Vulnerabilities in the scope include:

UI Manipulation to commit a transaction. For example, causing a banking app to make money transfers on behalf of the user without their consent.

Opening of webview that may lead to phishing attacks. Opening webview without user input or interaction.

Google’s message to developers remains unchanged: We want to help grow your business because it will help grow our business. The list of updates above shows the company is not messing around.

Google today also released a new State of Play 2017 report that will be updated annually to help developers stay informed about the app store’s progress. If you kept up with the news at I/O 2017, there’s not much new in there, but it’s still a solid summary for those who want to catch up.